Robinhood, the trading app whose users drove this year’s Reddit stock craze, reports that it has suffered a data breach in which the names and email addresses of millions of traders were stolen. In a blog post, the company emphasized that no Social Security or bank account numbers were compromised, and none of its users suffered any financial loss.
The company said the hacker gained access to Robinhood’s network systems by impersonating an authorized party to a customer-support employee on the phone. Officials said the breach was discovered late Wednesday of last week and quickly contained.
Robinhood said the hacker demanded a ransom payment at one point, but the case was turned over to law enforcement to handle. The company also retained the services of Mandiant, a cybersecurity firm.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood chief security officer Caleb Sima. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”
5 million email addresses
The company says an investigation into the hack shows that the hacker was able to steal a list of email addresses for approximately five million users, as well as full names for a different group of approximately two million people.
Robinhood also believes the hackers gained more extensive data on about 310 users. Again, it doesn’t think any financial information was compromised, but hackers may have gained access to names, dates of birth, and zip codes for that small group of customers.
Robinhood gained millions of customers during the pandemic, when homebound Americans used its app to trade stocks, in many cases driving up the price of so-called “meme” stocks like GameStop and AMC.
Disruptive force
The company has been a disruptive force in the financial services industry by not charging commissions on trades. Now, nearly all online trading platforms have done away with commissions on stock trades.
Robinhood customers seeking information on how to keep accounts secure can visit the Help Center, then tab through My Account & Login and Account Security.
When in doubt, users may log in to view messages from the company. Robinhood also points out that it will never include a link to access a user’s account in a security alert.